Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win32:Alureon-AXW trojan and Win32:Malware-gen


  • Please log in to reply

#61
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP

I noticed last night that a lot of my document files begin with $ signs. Word wouldn't open them. It says they are corrupt.


These are normally hidden files. OTL turns hidden files on so you can see them. The $ files are copies of files that you open in Word. This is where all of your edits are stored before you Save and close the document. Normally when you close Word the $ files will be removed but if Word or Windows crashes they will be left behind. If Word is not open they can all be deleted.
  • 0

Advertisements


#62
beejee

beejee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
I don't know if I am doing the zip file correctly. I highlighted both files and selected "compress and email." If this is correct it is still compressing and the remaining time keeps climbing. It's up to over an hour of time remaining. Is this the norm? The speed keeps droping - at 296 B/s as of right now.

Edited by beejee, 22 January 2013 - 06:41 PM.

  • 0

#63
beejee

beejee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
"Then let's make sure we have the latest chipset utility:

http://www.intel.com.../support/detect"

I tried this in IE, but I still get the same dialogue box that the driver update utility failed.
  • 0

#64
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP

I'm sorry I did not accurately state my concern. These files don't begin with "$" only, but with "~$". These are document files I have created in my Documents folder.


-$ are the files I was talking about. If you look at the dates on them you will see they are mostly older files.

I don't know if I am doing the zip file correctly. I highlighted both files and selected "compress and email." If this is correct it is still compressing and the remaining time keeps climbing. It's up to over an hour of time remaining. Is this the norm? The speed keeps droping - at 296 B/s as of right now.


I don't trust the compress and email option. Windows usually assumes you have Outlook installed and will try and send the files to outlook. I wouldn't think that the minidump files would be very big. Usually they are reasonably sized so it shouldn't take long to compress them. Try Add to Archive. That will usually create a file something.zip in the same location as the original. Then attache the .zip file.

When you tried the intel program in IE, it probably caused a yellow line to appear at the top of the page. You need to click on the line to tell it that it is OK to download.
  • 0

#65
beejee

beejee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
I sent the zip files. Did you get them?

Yes, I noticed that all the files with ~$ were the same size file. I deleted all of them.

I tried loading that utility again, but there wasn't a yellow line asking permission to download. Could my firewall be preventing it?
  • 0

#66
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
OK. Both mini dumps are complaining about tcpip.sys so let's go back to an earlier version and see if it works better:


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

FCopy::
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_112c2bd61be1dd22\tcpip.sys | C:\Windows\SysNative\drivers\tcpip.sys


******************************************

Everything fron the C:\ on should be on the same line.

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

If and Only If After a reboot if you can't get on line try running

Copy the next line:

sfc.exe /scanfile=C:\Windows\SysNative\drivers\tcpip.sys

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Close the command window. Reboot.

Ron
  • 0

#67
beejee

beejee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
ComboFix 13-01-23.01 - Jeannene 01/23/2013 15:29:58.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2162 [GMT -6:00]
Running from: c:\users\Jeannene\Desktop\ComboFix.exe
Command switches used :: c:\users\Jeannene\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_112c2bd61be1dd22\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((( Files Created from 2012-12-23 to 2013-01-23 )))))))))))))))))))))))))))))))
.
.
2013-01-23 21:40 . 2013-01-23 21:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-22 21:47 . 2013-01-23 01:03 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2013-01-22 21:06 . 2013-01-22 21:06 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-22 21:06 . 2013-01-22 21:05 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-22 20:35 . 2013-01-15 08:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{995474B3-286C-4645-9E2A-0C0A853BE905}\mpengine.dll
2013-01-22 20:26 . 2013-01-22 20:27 -------- d-----w- c:\program files (x86)\7-Zip
2013-01-22 20:25 . 2013-01-22 20:24 859552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-01-22 20:23 . 2013-01-22 20:23 -------- d-----w- c:\programdata\McAfee
2013-01-21 22:40 . 2013-01-21 22:40 -------- d-----w- c:\program files\IDT
2013-01-20 22:27 . 2013-01-20 22:27 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-01-20 19:41 . 2009-01-20 14:39 473088 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2013-01-20 19:41 . 2009-01-20 14:38 430592 ----a-w- c:\windows\system32\stcplx64.dll
2013-01-20 19:41 . 2009-01-20 14:38 532480 ----a-w- c:\windows\system32\stapi64.dll
2013-01-20 01:24 . 2013-01-20 01:24 -------- d-----w- c:\program files (x86)\Western Digital Corporation
2013-01-20 01:11 . 2013-01-23 00:33 -------- d-----w- c:\program files (x86)\SpeedFan
2013-01-19 04:34 . 2013-01-19 04:34 -------- d-----w- c:\users\Jeannene\AppData\Local\Macromedia
2013-01-19 03:41 . 2013-01-19 03:41 -------- d-----w- c:\program files (x86)\NirSoft
2013-01-19 03:30 . 2013-01-19 03:30 -------- d-----w- C:\backupres
2013-01-18 23:45 . 2013-01-18 23:45 -------- d-----w- c:\users\Jeannene\AppData\Roaming\Malwarebytes
2013-01-18 23:44 . 2013-01-18 23:44 -------- d-----w- c:\programdata\Malwarebytes
2013-01-18 23:44 . 2013-01-18 23:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-18 23:44 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-18 21:28 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-18 21:28 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-18 21:27 . 2012-11-23 01:54 2770432 ----a-w- c:\windows\system32\win32k.sys
2013-01-18 21:27 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll
2013-01-18 21:27 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll
2013-01-18 21:27 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-18 21:27 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-18 21:08 . 2013-01-18 21:08 -------- d-----w- C:\_OTL
2013-01-17 01:20 . 2013-01-17 01:20 -------- d-----w- c:\program files (x86)\EMET
2013-01-13 22:33 . 2013-01-13 22:33 -------- d-----w- c:\users\Jeannene\AppData\Roaming\SUPERAntiSpyware.com
2013-01-13 22:33 . 2013-01-13 22:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-01-13 18:06 . 2012-10-30 23:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-13 18:06 . 2012-10-30 23:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-13 18:06 . 2012-10-30 23:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-13 18:06 . 2012-10-30 23:51 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-01-13 18:06 . 2012-10-30 23:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-13 18:06 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-01-13 18:06 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-13 18:06 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-13 18:06 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2013-01-13 18:05 . 2013-01-13 18:05 -------- d-----w- c:\programdata\AVAST Software
2013-01-13 18:05 . 2013-01-13 18:05 -------- d-----w- c:\program files\AVAST Software
2013-01-12 03:33 . 2013-01-12 03:33 -------- d-----w- c:\users\Jeannene\AppData\Local\MFAData
2013-01-12 03:33 . 2013-01-12 03:33 -------- d-----w- c:\users\Jeannene\AppData\Local\Avg2013
2012-12-27 12:21 . 2013-01-19 04:15 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-27 12:21 . 2012-12-27 12:21 -------- d-----w- c:\windows\system32\Macromed
2012-12-26 02:06 . 2012-12-26 02:06 -------- d-----w- c:\programdata\Browser Manager
2012-12-25 23:42 . 2012-06-27 19:26 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-12-25 23:39 . 2013-01-18 21:08 -------- d-----w- c:\programdata\Wincert
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-22 21:05 . 2010-04-24 03:56 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-19 09:02 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe
2013-01-19 04:15 . 2011-11-20 15:16 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 13:31 . 2012-12-21 09:00 48128 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 13:12 . 2012-12-21 09:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-16 11:08 . 2012-12-21 09:00 368128 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 10:50 . 2012-12-21 09:00 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-11-14 07:06 . 2012-12-13 09:02 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 09:02 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 09:02 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 09:02 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 09:02 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 09:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 09:02 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 09:02 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 09:02 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 09:02 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 09:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 09:02 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 09:02 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 09:02 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 09:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 09:02 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 09:02 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 09:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 09:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 09:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 09:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 09:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-13 01:45 . 2012-12-12 12:43 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-13 01:29 . 2012-12-12 12:43 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 10:45 . 2012-12-12 12:43 477696 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 10:45 . 2012-12-12 12:43 68096 ----a-w- c:\windows\system32\dpnathlp.dll
2012-11-02 10:18 . 2012-12-12 12:43 376320 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-11-02 08:59 . 2012-12-12 12:43 26112 ----a-w- c:\windows\system32\dpnsvr.exe
2012-11-02 08:26 . 2012-12-12 12:43 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-02-11 210216]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-01-23 484408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-27 04:15]
.
2013-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3282985124-3251388849-2966862995-1000Core.job
- c:\users\Jeannene\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 16:52]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3282985124-3251388849-2966862995-1000UA.job
- c:\users\Jeannene\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 16:52]
.
2009-08-24 c:\windows\Tasks\HPCeeScheduleForAdministrator.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-06-01 01:17]
.
2013-01-19 c:\windows\Tasks\HPCeeScheduleForJeannene.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-06-01 01:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 200216]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-12-19 247808]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.startpage.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: amazon.com\payments
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\08rni8zm.default\
FF - ExtSQL: 2013-01-13 17:45; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu
AddRemove-ICDL Book Reader - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0011)
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-01-23 15:42:51
ComboFix-quarantined-files.txt 2013-01-23 21:42
.
Pre-Run: 164,206,288,896 bytes free
Post-Run: 164,159,885,312 bytes free
.
- - End Of File - - CB5ED6043D12D038F7FC792FEBC84171
  • 0

#68
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Looks like it worked. Guess we just wait to see if you get any more blue screens.

If you do, run BlueScreenView and post the log back here.
  • 0

#69
beejee

beejee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Okay, fingers crossed.

I still don't have sound. Everything looks good like its working except on the keyboard panel the speaker is muted and I can't unmute it. When I try it mutes and unmutes the speaker symbol on the task bar but it always stays red like it's muted and I can't hear any computer sounds.
  • 0

#70
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
See if this driver will install for you:

http://h10025.www1.h...979340&sw_lang=

It says it is for your exact model but it seems to be a different company.
  • 0

Advertisements


#71
beejee

beejee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
I tried installing it at least four times. Nothing ever happens - it never tells me installation is done.
  • 0

#72
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Right click on Computer and select Manage then Device Manager. Click on the arrow in front of the Sound Video and Game Controller and then right click on the Sound device under it. Select Uninstall. Reboot. It should rediscover the sound card and install it again.
  • 0

#73
beejee

beejee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
It worked. The sound was a little garglely, but after it warmed up it sounds good.

No BSOD since you set the tcpip.sys to an earlier version, so far.
  • 0

#74
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Okay, fingers crossed. :happy:
  • 0

#75
beejee

beejee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Thought I would check back in and let you know I still have not had a blue screen. Something else that has cleared up that I thought was a different problem is I had been having a blueish green line vibrating through my task bar. I thought my back light was going out. I have not had this problem either since BSOD problem has not returned. I really appreciate all the time you spent helping me. Thanx a million!!!!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP